Support » Plugin: Contact Form 7 » Spam issue for reCAPTCHA v3 for Contact form 7 5.1.1

  • ManuB

    (@manub23)


    Hi,

    I am using WP & contact form 7 5.1.1. Also I am using the ‘reCAPTCHA v3’. But I can’t send mails from my contact form, always showing spam warning with orange border. “Your message could not be sent. Please try again later or contact us via info@****.***”.

    For your contact form also showing I think same message. https://contactform7.com/contact/ , here orange border showing “Failed to send your message. Please try later or contact the administrator by another method.”

    Why this is showing ?

    For old version its not at all an issue.
    Thanks

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    What other plugins and theme do you use on the site?

    ManuB

    (@manub23)

    Theme is Uncode. Lot of plugins.

    Thanks

    ManuB

    (@manub23)

    As per some of the helps from Google. They suggest :

    Change line 112 of wp-content/plugins/contact-form-7/modules/recaptcha.php
    from: return $spam;
    to: return true;

    line 112 is something wrong !!!

    Is it helpful or any issue ?

    Thanks

    Neil Murray

    (@buzztone)

    Is it helpful or any issue ?

    No – this issue was dealt with in CF7 5.1.1

    You will likely get more effective support if you respond more completely to the plugin author’s question.

    ManuB

    (@manub23)

    No – this issue was “dealt” with in CF7 5.1.1

    what do you mean ?

    I will update to author

    Thanks

    ManuB

    (@manub23)

    What other plugins and theme do you use on the site

    Gravity Forms, JivoChat, MailChimp , All WPML items, Yoast SEO etc.. And theme is ‘Uncode”

    Thanks

    tommcgee

    (@tommcgee)

    I wrestled with this for a while, and finally got my form to work by removing the reCAPTCHA keys altogether (Contact->Integration->reCAPTCHA).

    Neil Murray

    (@buzztone)

    what do you mean ?

    CF7 5.1.1 dealt with specifically with the following suggested code change you found on Google:

    Change line 112 of wp-content/plugins/contact-form-7/modules/recaptcha.php
    from: return $spam;
    to: return true;

    It makes no sense for you to add that code as you are already using CF7 5.1.1.

    ManuB

    (@manub23)

    Sorry @buzztone.

    It makes no sense for you to add that code as you are already using CF7 5.1.1.

    , I cant see that change in my CF7 5.1.1. Also line 112 also not seeing any ‘return $spam;’.

    Look my file recaptcha.php in CF7 5.1.1,

    <?php
    
    add_action( 'wpcf7_init', 'wpcf7_recaptcha_register_service', 10, 0 );
    
    function wpcf7_recaptcha_register_service() {
    	$integration = WPCF7_Integration::get_instance();
    
    	$integration->add_category( 'captcha',
    		__( 'CAPTCHA', 'contact-form-7' )
    	);
    
    	$integration->add_service( 'recaptcha',
    		WPCF7_RECAPTCHA::get_instance()
    	);
    }
    
    add_action( 'wp_enqueue_scripts', 'wpcf7_recaptcha_enqueue_scripts', 10, 0 );
    
    function wpcf7_recaptcha_enqueue_scripts() {
    	$service = WPCF7_RECAPTCHA::get_instance();
    
    	if ( ! $service->is_active() ) {
    		return;
    	}
    
    	$url = add_query_arg(
    		array(
    			'render' => $service->get_sitekey(),
    		),
    		'https://www.google.com/recaptcha/api.js'
    	);
    
    	wp_enqueue_script( 'google-recaptcha', $url, array(), '3.0', true );
    }
    
    add_filter( 'wpcf7_form_hidden_fields',
    	'wpcf7_recaptcha_add_hidden_fields', 100, 1 );
    
    function wpcf7_recaptcha_add_hidden_fields( $fields ) {
    	return array_merge( $fields, array(
    		'g-recaptcha-response' => '',
    	) );
    }
    
    add_action( 'wp_footer', 'wpcf7_recaptcha_onload_script', 40, 0 );
    
    function wpcf7_recaptcha_onload_script() {
    	$service = WPCF7_RECAPTCHA::get_instance();
    
    	if ( ! $service->is_active() ) {
    		return;
    	}
    
    	if ( ! wp_script_is( 'google-recaptcha', 'done' ) ) {
    		return;
    	}
    
    ?>
    <script type="text/javascript">
    ( function( grecaptcha, sitekey ) {
    
    	var wpcf7recaptcha = {
    		execute: function() {
    			grecaptcha.execute(
    				sitekey,
    				{ action: 'homepage' }
    			).then( function( token ) {
    				var forms = document.getElementsByTagName( 'form' );
    
    				for ( var i = 0; i < forms.length; i++ ) {
    					var fields = forms[ i ].getElementsByTagName( 'input' );
    
    					for ( var j = 0; j < fields.length; j++ ) {
    						var field = fields[ j ];
    
    						if ( 'g-recaptcha-response' === field.getAttribute( 'name' ) ) {
    							field.setAttribute( 'value', token );
    							break;
    						}
    					}
    				}
    			} );
    		}
    	};
    
    	grecaptcha.ready( wpcf7recaptcha.execute );
    
    	document.addEventListener( 'wpcf7submit', wpcf7recaptcha.execute, false );
    
    } )( grecaptcha, '<?php echo esc_js( $service->get_sitekey() ); ?>' );
    </script>
    <?php
    }
    
    add_filter( 'wpcf7_spam', 'wpcf7_recaptcha_verify_response', 9, 1 );
    
    function wpcf7_recaptcha_verify_response( $spam ) {
    	if ( $spam ) {
    		return $spam;
    	}
    
    	$service = WPCF7_RECAPTCHA::get_instance();
    
    	if ( ! $service->is_active() ) {
    		return $spam;
    	}
    
    	$token = isset( $_POST['g-recaptcha-response'] )
    		? trim( $_POST['g-recaptcha-response'] ) : '';
    
    	return ! $service->verify( $token );
    }
    
    add_action( 'wpcf7_init', 'wpcf7_recaptcha_add_form_tag_recaptcha', 10, 0 );
    
    function wpcf7_recaptcha_add_form_tag_recaptcha() {
    	$service = WPCF7_RECAPTCHA::get_instance();
    
    	if ( ! $service->is_active() ) {
    		return;
    	}
    
    	wpcf7_add_form_tag( 'recaptcha',
    		'__return_empty_string', // no output
    		array( 'display-block' => true )
    	);
    }
    
    add_action( 'wpcf7_upgrade', 'wpcf7_upgrade_recaptcha_v2_v3', 10, 2 );
    
    function wpcf7_upgrade_recaptcha_v2_v3( $new_ver, $old_ver ) {
    	if ( version_compare( '5.1-dev', $old_ver, '<=' ) ) {
    		return;
    	}
    
    	$service = WPCF7_RECAPTCHA::get_instance();
    
    	if ( ! $service->is_active() ) {
    		return;
    	}
    
    	// Maybe v2 keys are used now. Warning necessary.
    	WPCF7::update_option( 'recaptcha_v2_v3_warning', true );
    	WPCF7::update_option( 'recaptcha', null );
    }
    
    add_action( 'wpcf7_admin_menu', 'wpcf7_admin_init_recaptcha_v2_v3', 10, 0 );
    
    function wpcf7_admin_init_recaptcha_v2_v3() {
    	if ( ! WPCF7::get_option( 'recaptcha_v2_v3_warning' ) ) {
    		return;
    	}
    
    	add_filter( 'wpcf7_admin_menu_change_notice',
    		'wpcf7_admin_menu_change_notice_recaptcha_v2_v3', 10, 1 );
    
    	add_action( 'wpcf7_admin_warnings',
    		'wpcf7_admin_warnings_recaptcha_v2_v3', 5, 3 );
    }
    
    function wpcf7_admin_menu_change_notice_recaptcha_v2_v3( $counts ) {
    	$counts['wpcf7-integration'] += 1;
    	return $counts;
    }
    
    function wpcf7_admin_warnings_recaptcha_v2_v3( $page, $action, $object ) {
    	if ( 'wpcf7-integration' !== $page ) {
    		return;
    	}
    
    	$message = sprintf(
    		esc_html( __( "API keys for reCAPTCHA v3 are different from those for v2; keys for v2 don’t work with the v3 API. You need to register your sites again to get new keys for v3. For details, see %s.", 'contact-form-7' ) ),
    		wpcf7_link(
    			__( 'https://contactform7.com/recaptcha/', 'contact-form-7' ),
    			__( 'reCAPTCHA (v3)', 'contact-form-7' )
    		)
    	);
    
    	echo sprintf(
    		'<div class="notice notice-warning"><p>%s</p></div>',
    		$message
    	);
    }
    
    if ( ! class_exists( 'WPCF7_Service' ) ) {
    	return;
    }
    
    class WPCF7_RECAPTCHA extends WPCF7_Service {
    
    	private static $instance;
    	private $sitekeys;
    
    	public static function get_instance() {
    		if ( empty( self::$instance ) ) {
    			self::$instance = new self;
    		}
    
    		return self::$instance;
    	}
    
    	private function __construct() {
    		$this->sitekeys = WPCF7::get_option( 'recaptcha' );
    	}
    
    	public function get_title() {
    		return __( 'reCAPTCHA', 'contact-form-7' );
    	}
    
    	public function is_active() {
    		$sitekey = $this->get_sitekey();
    		$secret = $this->get_secret( $sitekey );
    		return $sitekey && $secret;
    	}
    
    	public function get_categories() {
    		return array( 'captcha' );
    	}
    
    	public function icon() {
    	}
    
    	public function link() {
    		echo wpcf7_link(
    			'https://www.google.com/recaptcha/intro/index.html',
    			'google.com/recaptcha'
    		);
    	}
    
    	public function get_sitekey() {
    		if ( empty( $this->sitekeys )
    		or ! is_array( $this->sitekeys ) ) {
    			return false;
    		}
    
    		$sitekeys = array_keys( $this->sitekeys );
    
    		return $sitekeys[0];
    	}
    
    	public function get_secret( $sitekey ) {
    		$sitekeys = (array) $this->sitekeys;
    
    		if ( isset( $sitekeys[$sitekey] ) ) {
    			return $sitekeys[$sitekey];
    		} else {
    			return false;
    		}
    	}
    
    	protected function log( $url, $request, $response ) {
    		wpcf7_log_remote_request( $url, $request, $response );
    	}
    
    	public function verify( $token ) {
    		$is_human = false;
    
    		if ( empty( $token ) or ! $this->is_active() ) {
    			return $is_human;
    		}
    
    		$endpoint = 'https://www.google.com/recaptcha/api/siteverify';
    
    		$sitekey = $this->get_sitekey();
    		$secret = $this->get_secret( $sitekey );
    
    		$request = array(
    			'body' => array(
    				'secret' => $secret,
    				'response' => $token,
    			),
    		);
    
    		$response = wp_remote_post( esc_url_raw( $endpoint ), $request );
    
    		if ( 200 != wp_remote_retrieve_response_code( $response ) ) {
    			if ( WP_DEBUG ) {
    				$this->log( $endpoint, $request, $response );
    			}
    
    			return $is_human;
    		}
    
    		$response_body = wp_remote_retrieve_body( $response );
    		$response_body = json_decode( $response_body, true );
    
    		$score = isset( $response_body['score'] ) ? $response_body['score'] : 0;
    		$threshold = 0.5;
    		$is_human = $threshold < $score;
    
    		$is_human = apply_filters( 'wpcf7_recaptcha_verify_response',
    			$is_human, $response_body );
    
    		return $is_human;
    	}
    
    	protected function menu_page_url( $args = '' ) {
    		$args = wp_parse_args( $args, array() );
    
    		$url = menu_page_url( 'wpcf7-integration', false );
    		$url = add_query_arg( array( 'service' => 'recaptcha' ), $url );
    
    		if ( ! empty( $args) ) {
    			$url = add_query_arg( $args, $url );
    		}
    
    		return $url;
    	}
    
    	protected function save_data() {
    		WPCF7::update_option( 'recaptcha', $this->sitekeys );
    	}
    
    	protected function reset_data() {
    		$this->sitekeys = null;
    		$this->save_data();
    	}
    
    	public function load( $action = '' ) {
    		if ( 'setup' == $action and 'POST' == $_SERVER['REQUEST_METHOD'] ) {
    			check_admin_referer( 'wpcf7-recaptcha-setup' );
    
    			if ( ! empty( $_POST['reset'] ) ) {
    				$this->reset_data();
    				$redirect_to = $this->menu_page_url( 'action=setup' );
    			} else {
    				$sitekey = isset( $_POST['sitekey'] ) ? trim( $_POST['sitekey'] ) : '';
    				$secret = isset( $_POST['secret'] ) ? trim( $_POST['secret'] ) : '';
    
    				if ( $sitekey and $secret ) {
    					$this->sitekeys = array( $sitekey => $secret );
    					$this->save_data();
    
    					$redirect_to = $this->menu_page_url( array(
    						'message' => 'success',
    					) );
    				} else {
    					$redirect_to = $this->menu_page_url( array(
    						'action' => 'setup',
    						'message' => 'invalid',
    					) );
    				}
    			}
    
    			if ( WPCF7::get_option( 'recaptcha_v2_v3_warning' ) ) {
    				WPCF7::update_option( 'recaptcha_v2_v3_warning', false );
    			}
    
    			wp_safe_redirect( $redirect_to );
    			exit();
    		}
    	}
    
    	public function admin_notice( $message = '' ) {
    		if ( 'invalid' == $message ) {
    			echo sprintf(
    				'<div class="error notice notice-error is-dismissible"><p><strong>%1$s</strong>: %2$s</p></div>',
    				esc_html( __( "ERROR", 'contact-form-7' ) ),
    				esc_html( __( "Invalid key values.", 'contact-form-7' ) ) );
    		}
    
    		if ( 'success' == $message ) {
    			echo sprintf( '<div class="updated notice notice-success is-dismissible"><p>%s</p></div>',
    				esc_html( __( 'Settings saved.', 'contact-form-7' ) ) );
    		}
    	}
    
    	public function display( $action = '' ) {
    		echo '<p>' . sprintf(
    			esc_html( __( 'reCAPTCHA protects you against spam and other types of automated abuse. With Contact Form 7’s reCAPTCHA integration module, you can block abusive form submissions by spam bots. For details, see %s.', 'contact-form-7' ) ),
    			wpcf7_link(
    				__( 'https://contactform7.com/recaptcha/', 'contact-form-7' ),
    				__( 'reCAPTCHA (v3)', 'contact-form-7' )
    			)
    		) . '</p>';
    
    		if ( $this->is_active() or 'setup' == $action ) {
    			$this->display_setup();
    		} else {
    			echo sprintf(
    				'<p><a href="%1$s" class="button">%2$s</a></p>',
    				esc_url( $this->menu_page_url( 'action=setup' ) ),
    				esc_html( __( 'Setup Integration', 'contact-form-7' ) )
    			);
    		}
    	}
    
    	private function display_setup() {
    		$sitekey = $this->is_active() ? $this->get_sitekey() : '';
    		$secret = $this->is_active() ? $this->get_secret( $sitekey ) : '';
    
    ?>
    <form method="post" action="<?php echo esc_url( $this->menu_page_url( 'action=setup' ) ); ?>">
    <?php wp_nonce_field( 'wpcf7-recaptcha-setup' ); ?>
    <table class="form-table">
    <tbody>
    <tr>
    	<th scope="row"><label for="sitekey"><?php echo esc_html( __( 'Site Key', 'contact-form-7' ) ); ?></label></th>
    	<td><?php
    		if ( $this->is_active() ) {
    			echo esc_html( $sitekey );
    			echo sprintf(
    				'<input type="hidden" value="%1$s" id="sitekey" name="sitekey" />',
    				esc_attr( $sitekey )
    			);
    		} else {
    			echo sprintf(
    				'<input type="text" aria-required="true" value="%1$s" id="sitekey" name="sitekey" class="regular-text code" />',
    				esc_attr( $sitekey )
    			);
    		}
    	?></td>
    </tr>
    <tr>
    	<th scope="row"><label for="secret"><?php echo esc_html( __( 'Secret Key', 'contact-form-7' ) ); ?></label></th>
    	<td><?php
    		if ( $this->is_active() ) {
    			echo esc_html( wpcf7_mask_password( $secret ) );
    			echo sprintf(
    				'<input type="hidden" value="%1$s" id="secret" name="secret" />',
    				esc_attr( $secret )
    			);
    		} else {
    			echo sprintf(
    				'<input type="text" aria-required="true" value="%1$s" id="secret" name="secret" class="regular-text code" />',
    				esc_attr( $secret )
    			);
    		}
    	?></td>
    </tr>
    </tbody>
    </table>
    <?php
    		if ( $this->is_active() ) {
    			submit_button(
    				_x( 'Remove Keys', 'API keys', 'contact-form-7' ),
    				'small', 'reset'
    			);
    		} else {
    			submit_button( __( 'Save Changes', 'contact-form-7' ) );
    		}
    ?>
    </form>
    <?php
    	}
    }
    

    Thanks

    ManuB

    (@manub23)

    Neil Murray

    (@buzztone)

    The plugin author dealt with the issue suggested in the code you found on Google in a different way, but he did deal with the issue.

    Anyway I hope someone else is prepared to keep dealing with your questions. I’m not going to respond further.

    ManuB

    (@manub23)

    The plugin author dealt with the issue suggested in the code you found on Google in a different way,

    I cant see it my friend sorry if I disterbe you @buzztone.

    Thanks

    ManuB

    (@manub23)

    Please respond my friend @takayukister

    Thanks

    ManuB

    (@manub23)

    My friend @buzztone,

    Also I checked that, after I login to admin area in the next tab. The contact form (CF7 5.1.1)start working with out any code change.That is first tab is site having contact form & second tab is admin logged in site.

    Thanks

    [ Please do not bump. ]

    • This reply was modified 1 year ago by ManuB.
    tommcgee

    (@tommcgee)

    I’d just like to add that on a multisite installation it’s a very special problem. I’ve got over 50 sites that are using CF7 and now I’ve got to go over every single one of them.

    For most of them I hadn’t gotten around to putting in the reCAPTCHA v3 keys, so they work OK*. But I’ve still got some due diligence. It would probably take me as long to cobble together a CLI script as it will to just do it by hand.

    ___
    * See above, removing keys.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Spam issue for reCAPTCHA v3 for Contact form 7 5.1.1’ is closed to new replies.